Log Message:
the caching database may need to inherit ACLs and limits from the proxy

FYI, I needed the above to ensure the cache honors ACLs at the proxy
side. I think there are few other issues with pcache; essentially:
1) the cache has no knowledge of the identity that was used to populate
it; this can be an issue if clients authenticate as individual users
instead of asserting an applicative identity and if per-user ACLs are
enforced at the remote server. I don't see an easy fix to this, except
a per-user cache; I think this was already discussed at some point.
2) the cache use is quite limited if the proxy also acts as authorizing
backend for the users, since binds are not proxied. The proxycache
should be able to cache plaintext-like binds.
3) if the proxy doesn't act as authorizing backend for the users, all
proxying occurs anonymously; this works around issue (1), but it still
makes the cache useless if the remote server requires binds, or protects
the proxied info with ACLs. I have a solution for this by means of the
"idassert" feature of back-ldap, which required the cache to honor ACLs
(and thus the present commit). However, this solution suffers from issue
(2) when the proxy is also the authorizing backend for the users, since
it still requires at least a bind for all connections (in its current
implementation, it actually requires 2 (!) binds for each bind
operation, which is something I think I can easily fix and reduce to 1
for each connection, plus 1 at the first connection).